Debian
sssd - AD in wheezy
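I asked a similar question on serverfault, but I have a follow-up question that is better suited here, in my humble (possibly uninformed) opinion.
I have been trying to authenticate users on my Debian Wheezy server against the company AD (Windows 2008 server).
The main challenge is that this AD does not provide any Unix attributes (uid, gid, homedir, shell). I worked around homedir and shell by using sssd and its fallback mechanisms. However, I am currently stuck on uid, gid.
When I try to sync using this configuration (I have cut it down to the relevant parts)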
id_provider = ad
access_provider = ad
auth_provider = krb5
chpass_provider = krb5
ldap_schema = ad
ldap_id_mapping = true
debug_level = 7
I get the following error:
(Tue Jan 27 10:39:05 2015) [sssd[be[thecompany.dk]]] [sbus_dispatch] (0x0080): Connection is not open for dispatching.
(Tue Jan 27 10:39:05 2015) [sssd[be[thecompany.dk]]] [be_client_destructor] (0x0400): Removed PAM client
(Tue Jan 27 10:39:05 2015) [sssd[be[thecompany.dk]]] [sbus_dispatch] (0x0080): Connection is not open for dispatching.
(Tue Jan 27 10:39:05 2015) [sssd[be[thecompany.dk]]] [be_client_destructor] (0x0400): Removed NSS client
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [server_setup] (0x0080): CONFDB: /var/lib/sss/db/config.ldb
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [recreate_ares_channel] (0x0100): Initializing new c-ares channel
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [resolv_get_family_order] (0x1000): Lookup order: ipv4_first
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [fo_context_init] (0x0080): Created new fail over context, retry timeout is 30
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [confdb_get_domain_internal] (0x0020): No enumeration for [thecompany.dk]!
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [sysdb_domain_init_internal] (0x0200): DB File for thecompany.dk: /var/lib/sss/db/cache_thecompany.dk.ldb
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [ldb] (0x0400): asq: Unable to register control with rootdse!
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [sbus_init_connection] (0x0200): Adding connection FB1630
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [monitor_common_send_id] (0x0100): Sending ID: (%BE_thecompany.dk,1)
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [create_socket_symlink] (0x1000): Symlinking the dbus path /var/lib/sss/pipes/private/sbus-dp_thecompany.dk.4798 to a link /var/lib/sss/pipes/private/sbus-dp_thecompany.dk
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [sbus_new_server] (0x0080): D-BUS Server listening on unix:path=/var/lib/sss/pipes/private/sbus-dp_thecompany.dk.4798,guid=84361ff4e288ffa9288b858f54c75cba
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [load_backend_module] (0x1000): Loading backend [ad] with path [/usr/lib/x86_64-linux-gnu/sssd/libsss_ad.so].
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [load_backend_module] (0x0010): Unable to load ad module with path (/usr/lib/x86_64-linux-gnu/sssd/libsss_ad.so), error: /usr/lib/x86_64-linux-gnu/sssd/libsss_ad.so: cannot open shared object file: No such file or directory
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [be_process_init] (0x0010): fatal error initializing data providers
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [main] (0x0010): Could not initialize backend [79]
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [server_setup] (0x0080): CONFDB: /var/lib/sss/db/config.ldb
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [recreate_ares_channel] (0x0100): Initializing new c-ares channel
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [resolv_get_family_order] (0x1000): Lookup order: ipv4_first
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [fo_context_init] (0x0080): Created new fail over context, retry timeout is 30
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [confdb_get_domain_internal] (0x0020): No enumeration for [thecompany.dk]!
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [sysdb_domain_init_internal] (0x0200): DB File for thecompany.dk: /var/lib/sss/db/cache_thecompany.dk.ldb
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [ldb] (0x0400): asq: Unable to register control with rootdse!
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [sbus_init_connection] (0x0200): Adding connection 1A3D630
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [monitor_common_send_id] (0x0100): Sending ID: (%BE_thecompany.dk,1)
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [create_socket_symlink] (0x1000): Symlinking the dbus path /var/lib/sss/pipes/private/sbus-dp_thecompany.dk.4799 to a link /var/lib/sss/pipes/private/sbus-dp_thecompany.dk
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [sbus_new_server] (0x0080): D-BUS Server listening on unix:path=/var/lib/sss/pipes/private/sbus-dp_thecompany.dk.4799,guid=f69da63ecb7352f94fee01df54c75cba
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [load_backend_module] (0x1000): Loading backend [ad] with path [/usr/lib/x86_64-linux-gnu/sssd/libsss_ad.so].
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [load_backend_module] (0x0010): Unable to load ad module with path (/usr/lib/x86_64-linux-gnu/sssd/libsss_ad.so), error: /usr/lib/x86_64-linux-gnu/sssd/libsss_ad.so: cannot open shared object file: No such file or directory
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [be_process_init] (0x0010): fatal error initializing data providers
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [main] (0x0010): Could not initialize backend [79]
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [server_setup] (0x0080): CONFDB: /var/lib/sss/db/config.ldb
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [recreate_ares_channel] (0x0100): Initializing new c-ares channel
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [resolv_get_family_order] (0x1000): Lookup order: ipv4_first
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [fo_context_init] (0x0080): Created new fail over context, retry timeout is 30
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [confdb_get_domain_internal] (0x0020): No enumeration for [thecompany.dk]!
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [sysdb_domain_init_internal] (0x0200): DB File for thecompany.dk: /var/lib/sss/db/cache_thecompany.dk.ldb
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [ldb] (0x0400): asq: Unable to register control with rootdse!
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [sbus_init_connection] (0x0200): Adding connection 210B630
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [monitor_common_send_id] (0x0100): Sending ID: (%BE_thecompany.dk,1)
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [create_socket_symlink] (0x1000): Symlinking the dbus path /var/lib/sss/pipes/private/sbus-dp_thecompany.dk.4800 to a link /var/lib/sss/pipes/private/sbus-dp_thecompany.dk
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [sbus_new_server] (0x0080): D-BUS Server listening on unix:path=/var/lib/sss/pipes/private/sbus-dp_thecompany.dk.4800,guid=466e1c905c470ad8c00455f754c75cba
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [load_backend_module] (0x1000): Loading backend [ad] with path [/usr/lib/x86_64-linux-gnu/sssd/libsss_ad.so].
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [load_backend_module] (0x0010): Unable to load ad module with path (/usr/lib/x86_64-linux-gnu/sssd/libsss_ad.so), error: /usr/lib/x86_64-linux-gnu/sssd/libsss_ad.so: cannot open shared object file: No such file or directory
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [be_process_init] (0x0010): fatal error initializing data providers
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [main] (0x0010): Could not initialize backend [79]
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [server_setup] (0x0080): CONFDB: /var/lib/sss/db/config.ldb
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [recreate_ares_channel] (0x0100): Initializing new c-ares channel
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [resolv_get_family_order] (0x1000): Lookup order: ipv4_first
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [fo_context_init] (0x0080): Created new fail over context, retry timeout is 30
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [confdb_get_domain_internal] (0x0020): No enumeration for [thecompany.dk]!
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [sysdb_domain_init_internal] (0x0200): DB File for thecompany.dk: /var/lib/sss/db/cache_thecompany.dk.ldb
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [ldb] (0x0400): asq: Unable to register control with rootdse!
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [sbus_init_connection] (0x0200): Adding connection 1811630
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [monitor_common_send_id] (0x0100): Sending ID: (%BE_thecompany.dk,1)
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [create_socket_symlink] (0x1000): Symlinking the dbus path /var/lib/sss/pipes/private/sbus-dp_thecompany.dk.4801 to a link /var/lib/sss/pipes/private/sbus-dp_thecompany.dk
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [sbus_new_server] (0x0080): D-BUS Server listening on unix:path=/var/lib/sss/pipes/private/sbus-dp_thecompany.dk.4801,guid=7410c96282fd44c81ae85d5454c75cba
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [load_backend_module] (0x1000): Loading backend [ad] with path [/usr/lib/x86_64-linux-gnu/sssd/libsss_ad.so].
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [load_backend_module] (0x0010): Unable to load ad module with path (/usr/lib/x86_64-linux-gnu/sssd/libsss_ad.so), error: /usr/lib/x86_64-linux-gnu/sssd/libsss_ad.so: cannot open shared object file: No such file or directory
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [be_process_init] (0x0010): fatal error initializing data providers
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [main] (0x0010): Could not initialize backend [79]
Those files are indeed missing:
/usr/lib/x86_64-linux-gnu/sssd$ ls -la
total 3884
drwxr-xr-x  3 root root    4096 Jan 26 15:05 .
drwxr-xr-x 11 root root   12288 Jan 26 15:05 ..
-rw-r--r--  1 root root 1405048 Mar  4  2013 libsss_ipa.so
-rw-r--r--  1 root root  585784 Mar  4  2013 libsss_krb5.so
-rw-r--r--  1 root root 1081880 Mar  4  2013 libsss_ldap.so
-rw-r--r--  1 root root  479160 Mar  4  2013 libsss_proxy.so
-rw-r--r--  1 root root  389400 Mar  4  2013 libsss_simple.so
drwxr-xr-x  2 root root    4096 Jan 26 15:05 modules
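How do I get the sssd AD provider for sssd on Debian Wheezy? I have seen lots of examples that use it. Is it really not included in the wheezy distribution? Can I work around it somehow using the ldap provider? Or do I have to mess up my server and add the unstable repositories to my sources?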
Version 1.11.7-2 from testing works for me in production.
You don't need to upgrade your whole system from stable, just add a testing repository:
deb http://ftp.uk.debian.org/debian/ testing main contrib non-free
deb http://ftp.uk.debian.org/debian/ testing-updates main contrib non-free
You may need to tell apt that you prefer stable. To do this, you can add this section to a file such as /etc/apt/apt.conf.d/00local
APT {
    Default-Release "stable";
    // Cache-Limit "50000000"; // only if needed
};
Then run aptitude update, and you should find that aptitude install -t testing sssd-ad offers to install and upgrade sssd etc. For completeness, here is my (redacted) sssd.conf:
[sssd]
config_file_version = 2
reconnection_retries = 3
sbus_timeout = 30
services = nss, pam
domains = example.org

[nss]
filter_groups = root
filter_users = root
reconnection_retries = 3

[pam]
reconnection_retries = 3
offline_credentials_expiration = 7
offline_failed_login_delay = 1

[domain/example.org]
enumerate = false
ldap_group_nesting_level = 5
ldap_use_tokengroups = false
cache_credentials = true
account_cache_expiration = 10
entry_cache_timeout = 14400
lookup_family_order = ipv4_only
dns_resolver_timeout = 3
dns_discovery_domain = example.org
fallback_homedir = /home/%d/%u
default_shell = /bin/bash
id_provider = ad
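A preflight check for the failure shown in the question's log, as an added example that is not part of the original question or answer: it reads the *_provider keys from an sssd.conf and reports every provider whose libsss_<provider>.so is absent from the module directory. The function names, the constructed sample files, and the treatment of permit, deny and none as needing no module are assumptions.

```shell
#!/bin/sh
# Added example: check that each provider named in sssd.conf has its backend
# module installed. Assumes modules are named libsss_<provider>.so (the
# pattern in the log and directory listing above) and that permit, deny and
# none need no module.

# Usage: missing_sssd_providers CONF LIBDIR
# Prints "<provider> <expected module path>" for each missing module;
# returns 1 if anything is missing, 0 otherwise.
missing_sssd_providers() {
    conf=$1 libdir=$2 rc=0
    # Distinct values of all *_provider keys; commented-out lines do not match.
    providers=$(sed -n \
        's/^[[:space:]]*[a-z]*_provider[[:space:]]*=[[:space:]]*\([A-Za-z0-9]*\).*/\1/p' \
        "$conf" | sort -u)
    for p in $providers; do
        case $p in permit|deny|none) continue ;; esac
        if [ ! -f "$libdir/libsss_$p.so" ]; then
            echo "$p $libdir/libsss_$p.so"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample reproducing the question's setup: the config asks for
# the ad and krb5 providers, the module directory holds the wheezy file set.
make_wheezy_sample() {
    dir=$1
    mkdir -p "$dir/lib"
    for m in ipa krb5 ldap proxy simple; do : > "$dir/lib/libsss_$m.so"; done
    cat > "$dir/sssd.conf" <<'EOF'
[domain/thecompany.dk]
id_provider = ad
access_provider = ad
auth_provider = krb5
chpass_provider = krb5
# id_provider = ldap
EOF
}

tmp=$(mktemp -d)
make_wheezy_sample "$tmp"
missing_sssd_providers "$tmp/sssd.conf" "$tmp/lib" || echo "sssd backend would fail to load"
rm -rf "$tmp"
```

On a real host the arguments would be /etc/sssd/sssd.conf and the module directory named in the log, /usr/lib/x86_64-linux-gnu/sssd.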